All of lore.kernel.org
 help / color / mirror / Atom feed
From: Roman Gushchin <roman.gushchin@linux.dev>
To: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	cgroups@vger.kernel.org, linux-kselftest@vger.kernel.org,
	akpm@linux-foundation.org, corbet@lwn.net, derek.kiernan@amd.com,
	dragan.cvetic@amd.com, arnd@arndb.de, viro@zeniv.linux.org.uk,
	brauner@kernel.org, jack@suse.cz, tj@kernel.org,
	hannes@cmpxchg.org, mhocko@kernel.org, shakeel.butt@linux.dev,
	muchun.song@linux.dev, Liam.Howlett@oracle.com,
	lorenzo.stoakes@oracle.com, vbabka@suse.cz, jannh@google.com,
	shuah@kernel.org, vegard.nossum@oracle.com,
	vattunuru@marvell.com, schalla@marvell.com, david@redhat.com,
	willy@infradead.org, osalvador@suse.de,
	usama.anjum@collabora.com, andrii@kernel.org,
	ryan.roberts@arm.com, peterx@redhat.com, oleg@redhat.com,
	tandersen@netflix.com, rientjes@google.com, gthelen@google.com
Subject: Re: [RFCv1 0/6] Page Detective
Date: Tue, 19 Nov 2024 18:23:37 +0000	[thread overview]
Message-ID: <ZzzXqXGRlAwk-H2m@google.com> (raw)
In-Reply-To: <CA+CK2bD88y4wmmvzMCC5Zkp4DX5ZrxL+XEOX2v4UhBxet6nwSA@mail.gmail.com>

On Tue, Nov 19, 2024 at 10:08:36AM -0500, Pasha Tatashin wrote:
> On Mon, Nov 18, 2024 at 8:09 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Mon, Nov 18, 2024 at 05:08:42PM -0500, Pasha Tatashin wrote:
> > > Additionally, using crash/drgn is not feasible for us at this time, it
> > > requires keeping external tools on our hosts, also it requires
> > > approval and a security review for each script before deployment in
> > > our fleet.
> >
> > So it's ok to add a totally insecure kernel feature to your fleet
> > instead?  You might want to reconsider that policy decision :)
> 
> Hi Greg,
> 
> While some risk is inherent, we believe the potential for abuse here
> is limited, especially given the existing  CAP_SYS_ADMIN requirement.
> But, even with root access compromised, this tool presents a smaller
> attack surface than alternatives like crash/drgn. It exposes less
> sensitive information, unlike crash/drgn, which could potentially
> allow reading all of kernel memory.

The problem here is with using dmesg for output. No security-sensitive
information should go there. Even exposing raw kernel pointers is not
considered safe.

I'm also not sure about what presents a bigger attack surface. Yes,
drgn allows to read more, but it's using /proc/kcore, so the in-kernel
code is much simpler. But I don't think it's a relevant discussion,
if a malicious user has a root access, there are better options than
both drgn and page detective.

  reply	other threads:[~2024-11-19 18:23 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-16 17:59 [RFCv1 0/6] Page Detective Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 1/6] mm: Make get_vma_name() function public Pasha Tatashin
2024-11-18 10:26   ` Lorenzo Stoakes
2024-11-18 20:40     ` Pasha Tatashin
2024-11-18 20:44       ` Matthew Wilcox
2024-11-18 22:26         ` Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 2/6] pagewalk: Add a page table walker for init_mm page table Pasha Tatashin
2024-11-18  6:49   ` Christoph Hellwig
2024-11-18 10:32     ` Lorenzo Stoakes
2024-11-18 20:42     ` Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 3/6] mm: Add a dump_page variant that accept log level argument Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 4/6] misc/page_detective: Introduce Page Detective Pasha Tatashin
2024-11-16 22:20   ` Jonathan Corbet
2024-11-18 20:43     ` Pasha Tatashin
2024-11-18 11:11   ` Lorenzo Stoakes
2024-11-18 21:55   ` Jann Horn
2024-11-16 17:59 ` [RFCv1 5/6] misc/page_detective: enable loadable module Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 6/6] selftests/page_detective: Introduce self tests for Page Detective Pasha Tatashin
2024-11-17  6:25   ` Muhammad Usama Anjum
2024-11-18 20:27     ` Pasha Tatashin
2024-11-18 11:17 ` [RFCv1 0/6] " Lorenzo Stoakes
2024-11-18 12:53   ` Jann Horn
2024-11-18 22:24     ` Pasha Tatashin
2024-11-19  0:39       ` Jann Horn
2024-11-19  1:29         ` Pasha Tatashin
2024-11-19 12:52           ` Jann Horn
2024-11-19 15:14             ` Pasha Tatashin
2024-11-19 15:53               ` Jann Horn
2024-11-19 18:51             ` Matthew Wilcox
2024-11-18 19:11 ` Roman Gushchin
2024-11-18 22:08   ` Pasha Tatashin
2024-11-19  1:09     ` Greg KH
2024-11-19 15:08       ` Pasha Tatashin
2024-11-19 18:23         ` Roman Gushchin [this message]
2024-11-19 19:30           ` Pasha Tatashin
2024-11-19 19:35             ` Yosry Ahmed
2024-11-19 20:57               ` Roman Gushchin
2024-11-20 16:13               ` Pasha Tatashin
2024-11-20 17:33                 ` Yosry Ahmed
2024-11-20 17:46                   ` Pasha Tatashin
2024-11-20 15:29 ` Andi Kleen
2024-11-20 16:40   ` Pasha Tatashin
2024-11-20 19:14     ` Andi Kleen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZzzXqXGRlAwk-H2m@google.com \
    --to=roman.gushchin@linux.dev \
    --cc=Liam.Howlett@oracle.com \
    --cc=akpm@linux-foundation.org \
    --cc=andrii@kernel.org \
    --cc=arnd@arndb.de \
    --cc=brauner@kernel.org \
    --cc=cgroups@vger.kernel.org \
    --cc=corbet@lwn.net \
    --cc=david@redhat.com \
    --cc=derek.kiernan@amd.com \
    --cc=dragan.cvetic@amd.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=gthelen@google.com \
    --cc=hannes@cmpxchg.org \
    --cc=jack@suse.cz \
    --cc=jannh@google.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=lorenzo.stoakes@oracle.com \
    --cc=mhocko@kernel.org \
    --cc=muchun.song@linux.dev \
    --cc=oleg@redhat.com \
    --cc=osalvador@suse.de \
    --cc=pasha.tatashin@soleen.com \
    --cc=peterx@redhat.com \
    --cc=rientjes@google.com \
    --cc=ryan.roberts@arm.com \
    --cc=schalla@marvell.com \
    --cc=shakeel.butt@linux.dev \
    --cc=shuah@kernel.org \
    --cc=tandersen@netflix.com \
    --cc=tj@kernel.org \
    --cc=usama.anjum@collabora.com \
    --cc=vattunuru@marvell.com \
    --cc=vbabka@suse.cz \
    --cc=vegard.nossum@oracle.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.